ColdLife





Overview

Summary:

An Internet Relay Chat (IRC) bot and DDoS tool.

Alias:

Backdoor.IRC.ColdLife.40, Backdoor.IRC.ColdLife.51, Backdoor.IRC.Fusion.20, Backdoor.Litmus.203, IRC.ColdLife.30

Category:

Flooder: A program that overloads a connection by any mechanism, such as fast pinging, causing a DoS attack.

Variants:

  • ColdLife 4.0
  • ColdLife 4.1.0.0

Similar Pests:

Flooder

Origins

Author:

ColdLife

Date of Origin:

Variants from October, 2002 to August, 2003

Operation

Default Port:

113, 300, 27374 TCP

Storage Required:

  • ColdLife 4.1.0.0: at least 705 KB

Restart:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "LTM2"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ColdLife - icmp"
HKEY_CLASSES_ROOT\irc\Shell\open\command "(Default)"

Autostarting Pests

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.

Manual Removal:

Follow these steps to remove ColdLife from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Stop Running Processes:

Kill these running processes with Task Manager:

Remove AutoRun Reference:

Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\ltm2, delete it and reboot the machine immediately.

Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:

Clean Registry:

Remove these registry items (if present) with RegEdit:

Remove Files:

Remove these files (if present) with Windows Explorer:
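
A read-only check for the three autostart entries listed under Restart and for listeners on the default ports above, given here as an added example that is not PestPatrol's own code. The function names are illustrative, and Get-NetTCPConnection assumes Windows 8 / Server 2012 or later.

```powershell
# Added example: audits the ColdLife autostart values and default ports
# listed on this page. Nothing is modified or deleted.

# Registry locations and value names exactly as given under "Restart".
$runValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'LTM2' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'ColdLife - icmp' },
    # PowerShell exposes a key's unnamed default value as '(default)'.
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\irc\Shell\open\command'; Name = '(default)' }
)

function Get-ColdLifeAutostart {
    foreach ($entry in $runValues) {
        # A missing key is a normal result on a clean machine, so errors are silenced.
        $props = Get-ItemProperty -Path $entry.Path -ErrorAction SilentlyContinue
        $prop  = if ($props) { $props.PSObject.Properties[$entry.Name] }
        [pscustomobject]@{
            Key     = $entry.Path
            Value   = $entry.Name
            Present = [bool]$prop
            # For the irc handler, an installed IRC client may own this value:
            # review the command line it holds before treating it as a finding.
            Data    = if ($prop) { $prop.Value } else { $null }
        }
    }
}

function Get-ColdLifePortListeners {
    # TCP ports listed under "Default Port". A listener on one of them is a
    # lead to investigate, not proof of infection.
    $ports = 113, 300, 27374
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $ports -contains $_.LocalPort } |
        ForEach-Object {
            [pscustomobject]@{
                LocalPort = $_.LocalPort
                ProcessId = $_.OwningProcess
                Process   = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            }
        }
}

Get-ColdLifeAutostart     | Format-Table -AutoSize -Wrap
Get-ColdLifePortListeners | Format-Table -AutoSize
```

Run it as the affected user so that the HKEY_CURRENT_USER check reads that user's hive.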

Research

File Analyses:

Research By:

PestPatrol's Pest Research Center

Last Revised:

April 01, 2005